iSCSI

not an Apple appliance.

iSCSI is not an Apple appliance.

The i in iSCSI stands for internet, some say for
insecure, personally I like to think interesting.
I'll try to share the road followed from RFC-3720
to the actual working driver, the challenges, the
frustrations.

pfSense Tutorial

From Zero to Hero with pfSense

pfSense is a free, open source customized distribution
of FreeBSD tailored for use as a firewall and router.
In addition to being a powerful, flexible firewalling
and routing platform, it includes a long list of
related features and a package system allowing
further expandability without adding bloat and
potential security vulnerabilities to the base
distribution. pfSense is a popular project with
more than 1 million downloads since its inception,
and proven in countless installations ranging from
small home networks protecting a PC and an Xbox to
large corporations, universities and other organizations
protecting thousands of network devices.

This tutorial is being presented by the founders
of the pfSense project, Chris Buechler and Scott
Ullrich.

The session will start with an introduction to the
project, hardware sizing and selection, installation,
firewalling concepts and basic configuration, and
continue to cover all the most popular features of
the system. Common usage scenarios, deployment
considerations, step by step configuration guidance,
and best practices will be covered for each feature.
Most configurations will be demonstrated in a live
lab environment.

Attendees are assumed to have basic knowledge of
TCP/IP and firewalling concepts, however no in-depth
knowledge in these areas or prior knowledge of
pfSense or FreeBSD is necessary.

FreeBSD/mips

Embedding FreeBSD

FreeBSD now runs on the MIPS platform. FreeBSD/mips
supports MIPS-32 and MIPS-64 targets, including SMP
for multicore support.

FreeBSD/mips is targeted at the embedded MIPS
marketplace. FreeBSD has run on the MIPS platform
for many years. Juniper ported FreeBSD to the Mips
platform in the late 1990's. However, concern about
intellectual property issues kept Juniper from
contributing the port back to FreeBSD until recently.
The contributed port was a 64-bit mips port.

In the mean time, many efforts were made to bring
FreeBSD to the mips platform. The first substantial
effort to bring FreeBSD to the Mips platform was
done by Juli Mallet. This effort made it to single
user, but never further than that. This effort was
abandoned due to a change in Juli's life. The port
languished.

Two years ago at BSDcan, as my involvement with
FreeBSD/arm was growing, I tried to rally the troops
into doing a FreeBSD/mips port. My efforts resulted
in what has been commonly called the "mips2" effort.
The name comes from the choice of //depot/projects/mips2
to host the work in perforce. A number of people
worked on the earliest versions of the port, but
it too languished and seemed destined to suffer the
same fate as earlier efforts. Then, two individuals
stood up and started working on the port. Wojciech
A. Koszek and Oleksandr Tymoshenko pulled in code
from the prior efforts. Through their efforts of
stabilizing this code, the port to the single user
stage and ported it to three different platforms.
Others ported it to a few more. Snapshots of this
work were released from time to time.

Cavium Networks picked up one of these snapshots
and ported it to their multicore mips64 network
processor. Cavium has kindly donated much of their
work to the comminuty.

In December, I started at Cisco systems. My first
job was to merge all the divergent variants of
FreeBSD/mips and get it into shape to push into the
tree. With luck, this should be in the tree before
I give my talk.

In parallel to this, other advances in the embedded
support for FreeBSD have been happening as well.
I'll talk about new device drivers, new subsystems,
and new build tools that help to support the embedded
developer.

Building self-contained PBIs from Ports (Automagically)

Creating a self-contained application from the ports tree

PC-BSD provides a user-friendly desktop experience,
for experts and casual users alike. PC-BSD is 100%
FreeBSD under the hood, while providing desktop
essentials, such as a graphical installation system,
point-n-click package-management using the PBI
system, and easy to use system management tools;
All integrated into an easy to use K Desktop
Environment (KDE).

The PBI (Push Button Installer) format is the
cornerstone of the PC-BSD desktop, which allows
users to install applications in a self-contained
format, free from dependency problems, and compile
issues that stop most casual users from desktop
adoption. The PBI format also provides power and
flexibility in user interaction, and scripting
support, which allows applications to be fine-tuned
to the best possible user experience.

This talk would go over in some detail our new PBI
building system, which converts a FreeBSD port,
such as FireFox, into a standalone self-contained
PBI installer for PC-BSD desktops.

The presentation will be divided into two main sections:
The Push Button Installer (PBI) Format

An Open Source Enterprise VPN Solution with OpenVPN and OpenBSD

Solving the problem

At Appalachian State University, we utilize an open
source VPN to allow faculty, staff and vendors
secure access to Appalachian State University's
internal network from any location that has an
Internet connection. To implement our virtual private
network project, we needed a secure VPN that is
flexible enough to work with our existing network
registration and LDAP authentication systems, has
simple client installation, is redundant, allows
multiple VPN server instances for special site-to-site
tunnels and unique configurations, and can run on
multiple platforms. Using OpenVPN running on OpenBSD,
we met those requirements and added a distributed
administration system that allows select users to
allow VPN access to specific computers for external
users and vendors without requiring intervention
from our network or security personnel. Our
presentation will start with a quick overview of
OpenVPN and OpenBSD and then detail the specifics
of our VPN implementation.

Dissatisfied with IPSec for road warrior VPN usage
we went looking for a better solution. We had hopped
that we could find a solution that would run on
multiple platforms, was flexible and worked well.
We found OpenVPN and have been pleased. Initially
we ran it on RHEL. We migrated to OpenBSD for pf
functionality and general security concerns. ...and
because we like OpenBSD.

Our presentation will focus on the specifics of our
VPN implementation. We will quickly cover the basics
of OpenVPN and the most used features of OpenBSD.
Moving along we will cover multiple authentication
methods, redundancy, running multiple instances,
integration with our netreg system, how pf has
extended functionality, embedding in appliances,
and client configuration. The system has proven
helpful with providing vendor access where needed
and we'll cover this aspect as well. Time permitting
we will cover current enhancement efforts and future
plans.

OpenVPN has been called the "Swiss army knife" of
VPN solutions. We hope our presentation leaves
participants with that feeling.

"finstall" - the new FreeBSD installer

A graphical installer for FreeBSD

The "finstall" project, sponsored by Google as a
Summer of Code 2007 project, is an attempt to create
a user-friendly graphical installer for FreeBSD,
with enough strong technical features to appeal to
the more professional users. A long term goal for
it is to be a replacement for sysinstall, and as
such should support almost all of the features
present in sysinstall, as well as add support for
new FreeBSD features such as GEOM, ZFS, etc. This
talk will describe the architecture of "finstall"
and focus on its lesser known features such as
remote installation.

"finstall" is funded by Google SoC as a possible
long-term replacement for sysinstall, as a "LiveCD"
with the whole FreeBSD base system on the CD, with
X11 and XFCE4 GUI. In the talk I intend to describe
what I did so far, and what are the future plans
for it. This includes the installer GUI, the backend
(which has the potential to become a generic FreeBSD
configuration backend) and the assorted tools
developed for finstall ("LiveCD" creation scripts).
More information on finstall can be found here:
http://wiki.freebsd.org/finstall.

Measured (almost) does Air Traffic Control

The new Danish Air Traffic Control system, CASIMO,
prompted the development on a modular and general
software platform for data collection, control and
monitoring of "weird hardware" of all sorts.

The talk will present the "measured" daemon, and
detail some of the uses it has been put to, as an,
admittedly peripheral, component of the ATC system.

Many "SCADA" systems suffer from lack of usable
interfaces for external access to the data. Measured
takes the opposite point of view and makes real-time
situation available, and accepts control instructions
as ASCII text stream over TCP connections. Several
examples of how this can be used will be demonstrated.

Measured will run on any FreeBSD system, but has
not been ported to other UNIX variants yet, and it
is perfect for that "intelligent house" project of
yours.

BSD licensed C++ compiler

LLVM is a suite of carefully designed open source
libraries that implement compiler components (like
language front-ends, code generators, aggressive
optimizers, Just-In-Time compiler support, debug
support, link-time optimization, etc.). The goal
of the LLVM project is to build these components
in a way that allows them to be combined together
to create familiar tools (like a C compiler),
interesting new tools (like an OpenGL JIT compiler),
and many other things we haven't thought of yet.
Because LLVM is under continuous development, clients
of these components naturally benefit from improvements
in the libraries.

This talk gives an overview of LLVM's design and
approach to compiler construction, and gives several
example applications. It describes applications of
LLVM technology to llvm-gcc (a C/C++/Objective C
compiler based on the GNU GCC front-end), the OpenGL
stack in Mac OS/X Leopard, and Clang. Among other
things, the Clang+LLVM Compiler provides a fully
BSD-Licensed C and Objective-C compiler (with C++
in development) which compiles code several times
faster than GCC, produces code that is faster than
GCC in many cases, produces better warnings and
error messages, and supports many other applications
(e.g. static analysis and refactoring).

Google SoC

Summer of Code

In this talk, I will briefly discuss some general
ways Google's Open Source Team contributes to the
wider community. The rest of the talk will explore
some highlights of the Google Summer of Code program,
our initiative to get university students involved
in Open Source development.

I will cover the program's inception, lessons learned
over time and tips for success in the program for
both mentors and students. In particular, the talk
will detail some experiences of the *BSD mentoring
organizations involved in the program as a case
study in successfully managing the program from the
Open Source project's perspective. Any Google Summer
of Code participants in the audience are welcome
and encouraged to chime in with their own insights.

A closer look at the ZFS file system

SUN's ZFS file system became part of FreeBSD on 6th
April 2007. ZFS is a new kind of file system that
provides simple administration, transactional
semantics, end-to-end data integrity, and immense
scalability. ZFS is not an incremental improvement
to existing technology; it is a fundamentally new
approach to data management. We've blown away 20
years of obsolete assumptions, eliminated complexity
at the source, and created a storage system that's
actually a pleasure to use.

ZFS presents a pooled storage model that completely
eliminates the concept of volumes and the associated
problems of partitions, provisioning, wasted bandwidth
and stranded storage. Thousands of file systems can
draw from a common storage pool, each one consuming
only as much space as it actually needs. The combined
I/O bandwidth of all devices in the pool is available
to all filesystems at all times.

All operations are copy-on-write transactions, so
the on-disk state is always valid. There is no need
to fsck(1M) a ZFS file system, ever. Every block
is checksummed to prevent silent data corruption,
and the data is self-healing in replicated (mirrored
or RAID) configurations. If one copy is damaged,
ZFS detects it and uses another copy to repair it.

Interfacing embedded FreeBSD with U-Boot

In the embedded world U-Boot is a de facto standard
for an initial level boot loader (firmware). It
runs on a great number of platforms and architectures,
and is open source.

This talk covers the development work on integrating
FreeBSD with U-Boot-based systems. Starting with
an overview of differences between booting an
all-purpose desktop computer vs. embedded system,
FreeBSD booting concepts are explained along with
requirements for the underlying firmware.

Historical attempts to interface FreeBSD with this
firmware are mentioned and explanation given on why
they failed or proved incomplete. Finally, the
recently developed approach to integrate FreeBSD
and U-Boot is presented, with implementation details
and particular attention on how it's been made
architecture and platform independent, and how
loader(8) has been bound to it.

Introduction to Debugging the FreeBSD Kernel

Just like every other piece of software, the FreeBSD
kernel has bugs. Debugging a kernel is a bit different
from debugging a userland program as there is nothing
underneath the kernel to provide debugging facilities
such as ptrace() or procfs. This paper will give a
brief overview of some of the tools available for
investigating bugs in the FreeBSD kernel. It will
cover the in-kernel debugger DDB and the external
debugger kgdb which is used to perform post-mortem
analysis on kernel crash dumps.

DTrace for FreeBSD

What on earth is that system doing?!

DTrace is a comprehensive dynamic tracing facility
originally developed for Solaris that can be used
by administrators and developers on live production
systems to examine the behavior of both user programs
and of the operating system itself. DTrace enables
users to explore their system to understand how it
works, track down performance problems across many
layers of software, or locate the cause of aberrant
behavior. DTrace lets users create their own custom
programs to dynamically instrument the system and
provide immediate, concise answers to arbitrary
questions you can formulate using the DTrace D
programming language.

This talk discusses the port of the DTrace facility
to FreeBSD and demonstrates examples on a live
FreeBSD system.

Introduction to the D language - probes, predicates and actions.

dtrace(8) and libdtrace - the userland side of the DTrace story.

The DTrace kernel module, it's ioctl interface to userland and the provider infrastructure in the kernel.

DTrace kernel hooks and the problem of code licensed under Sun's CDDL.

X.org

upcoming plans

The X.Org project provides an open source implementation
of the X Window System. The development work is
being done in conjunction with the freedesktop.org
community. The X.Org Foundation is the educational
non-profit corporation whose Board serves this
effort, and whose Members lead this work.

The X window system has been changing a lot in the
recent years, and still changing. This talk will
present this evolution, summarizing what has already
been done and showing the current roadmap for future
evolutions, with some focus on how *BSD kernels can
be affected by the developments done with Linux as
the primary target.

What Not To Do When Writing Network Applications

The lessons learnt working with not-so-high-performance network applications

This talk will look at issues which face the modern
network application developer, from the point of
view of poorly-designed examples. This will cover
internal code structure and dataflow, interaction
with the TCP stack, IO scheduling in high and low
latency environments and high-availability
considerations. In essence, this presentation should
be seen as a checklist of what not to do when writing
network applications.

Plenty of examples of well designed network
applications exist in the open and closed source
world today. Unfortunately there are just as many
examples of fast network applications as there are
"fast but workload specific"; sometimes failing
miserably in handling the general case. This may
be due to explicit design (eg Varnish) but many are
simply due to the designer not fully appreciating
the wide variance in "networks" - and their network
application degrades ungracefully when under duress.
My aim in this presentation is to touch on a wide
number of issues which face network application
programmers - most of which seem not "application
related" to the newcomer - such as including
pipelining into network communication, managing a
balance between accepting new requests and servicing
existing requests, or providing back-pressure to a
L4 loadbalancer in case of traffic bursts. Various
schemes for working with these issues will be
presented, and hopefully participants will walk
away with more of an understanding about how the
network, application and operating systems interact.

Using FreeBSD to Promote Open Source Development Methods

In this talk we present Aerosource, an initiative
to bring Open Source Software development methods
to internal software developers at The Aerospace
Corporation.

Within Aerosource, FreeBSD is used in several key
roles. First, we run most of our tools on top of
FreeBSD. Second, the ports collection (both official
ports and custom internal ones) eases our administrative
burden. Third, the FreeBSD project serves as an
example and role model for the results that can be
achieved by an Open Source Software projects. We
discuss the development infrastructure we have built
for Aerosource based largely on BSD licensed software
including FreeBSD, PostgreSQL, Apache, and Trac.
We will also discuss our custom management tools
including our system for managing our custom internal
ports. Finally, we will cover our development
successes and how we use projects like FreeBSD as
exemplars of OSS development.

SCTP - SCTP what it is and how to use it

This talk will introduce the attendee into the
interesting world of SCTP.

We will first discuss the new and different features
that SCTP (a new transport in FreeBSD 7.0) provide
to the user. Then we will shift gears and discuss
the extended socket API that is available to SCTP
users and will cover such items as:

Porting FreeBSD/ARM to Marvell Orion System-On-Chip

This talk covers the development work on porting
the FreeBSD/ARM to Marvell Orion family of highly
integrated chips.

ARM architecture is widely adopted in the embedded
devices, and since the architecture can be licensed,
many implementation variations exist: Orion is a
derivative compliant with the ARMv5TE definition,
it provides a rich set of on-chip peripherals.

Present state of the FreeBSD support for ARM is
explained, areas for improvement highlighted and
its overall shape and condition presented.

The main discussion covers scope of the Orion port
(what integrated peripherals required new development,
what was adapted from existing code base); design
decisions are explained for the most critical items,
and implementation details revealed.

Summary notes are given on general porting methodology,
debugging techniques and difficulties encountered
during such undertaking.